Approaching Cloud Security From the Inside-Out

Cloud security inverts the traditional approach: assess security from the inside out rather than from the outside in, walking each stage of an attack as the attacker would.

Reconnaissance

During the reconnaissance step, an attacker looks for publicly available information on the Internet, either to find a target with vulnerabilities that can be compromised or to see what vulnerabilities exist within the cloud infrastructure of a specific organization.

Catching Brute Force Attackers During Reconnaissance

To catch potential hackers during reconnaissance, implement continuous security monitoring that alerts you to scanning activity and to abnormal login attempts or failures.
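As an added illustration of the login-failure monitoring described above (example code written for this page, not from the original article or any product it describes), the detector below parses constructed sshd-style auth log lines and flags a source address that exceeds a threshold of failed logins inside a sliding time window; the log format, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines (sshd syslog format); not from a real host.
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[2311]: Failed password for invalid user admin from 198.51.100.7 port 40211 ssh2
Mar 10 08:00:03 web1 sshd[2312]: Failed password for root from 198.51.100.7 port 40212 ssh2
Mar 10 08:00:04 web1 sshd[2313]: Failed password for invalid user oracle from 198.51.100.7 port 40213 ssh2
Mar 10 08:00:06 web1 sshd[2314]: Failed password for invalid user test from 198.51.100.7 port 40214 ssh2
Mar 10 08:00:08 web1 sshd[2315]: Failed password for ubuntu from 198.51.100.7 port 40215 ssh2
Mar 10 08:00:09 web1 sshd[2316]: Failed password for invalid user guest from 198.51.100.7 port 40216 ssh2
Mar 10 08:01:10 web1 sshd[2320]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Mar 10 08:01:15 web1 sshd[2321]: Accepted password for alice from 203.0.113.5 port 51000 ssh2
Mar 10 09:30:00 web1 sshd[2400]: Failed password for bob from 192.0.2.9 port 52000 ssh2
Mar 10 09:31:00 web1 sshd[2401]: Failed password for bob from 192.0.2.9 port 52001 ssh2
"""

# Matches only failed-login lines; "invalid user" marks usernames that do not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

def parse_failures(log_text, year=2024):
    """Yield (timestamp, username, source_ip) for each failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog lines carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: {"failures": n, "users": [...]}} for every source that
    reaches `threshold` failed logins inside a sliding window of `window_seconds`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)      # ip -> usernames tried (many names = spraying)
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for ts, user, ip in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and ts - q[0] > window:   # expire failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = {"failures": len(q), "users": sorted(users[ip])}
    return alerts
```

Running `detect_brute_force(SAMPLE_LOG)` flags only 198.51.100.7, which tried six different usernames in eight seconds; the single failure from 203.0.113.5 followed by a success, and the two slow failures from 192.0.2.9, stay below the default threshold.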

Weaponization

After performing reconnaissance on your own network, consider the types of exploits and malicious payloads that could be used against it.

Delivery

An attacker can deliver an exploit or malicious payload in several ways. To detect an attack, implement continuous security monitoring. Knowing about a vulnerability before a signature exists for it is a huge advantage over attackers.

Exploitation

During the exploitation step, the attacker establishes a foothold by exploiting a vulnerability in a server service or by using compromised credentials. He or she can then gain further access via a local privilege-escalation exploit.

Installation

During installation, an attacker typically installs a program (a kernel module or rootkit, for example) or file to maintain the connection and control without detection. That lets him or her operate internal assets remotely.

Command and Control

An outbound connection from a compromised server to an unusual IP address or host can indicate that an attacker has gained a foothold and is using it to install a program that maintains connection and control.

Disabled Antivirus or Defensive Tools

An attacker may use command and control to stop certain services or processes, such as antivirus or other defensive tools, to hide his or her activity. Such suspicious behavior indicates an attack under way.

Action on Objectives

During the final step of an attack, an attacker carries out his or her main objective, compromising the network or accessing valuable assets like customer data, intellectual property or health-care data. To protect data in this final step, implement File Integrity Monitoring (FIM) to watch who accesses certain files and when.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.